Sample viewer

vx.netlux.org/Virus.DOS.AntiEta.5315

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:06:22.511199567Z	48	PC: 1a8ca \| Get DOS version
2018-12-17T23:06:22.51366343Z	53	PC: 1a8e0 \| Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-17T23:06:22.515089521Z	98	PC: 1a8ec \| Get current PSP
2018-12-17T23:06:22.516099229Z	74	PC: 1a912 \| Reallocate memory
2018-12-17T23:06:22.518816067Z	74	PC: 1a919 \| Reallocate memory
2018-12-17T23:06:22.521700821Z	80	PC: 1a923 \| Set current PSP
2018-12-17T23:06:22.522947805Z	72	PC: 1a92e \| Allocate memory
2018-12-17T23:06:22.525139455Z	80	PC: 1a950 \| Set current PSP
2018-12-17T23:06:22.527016314Z	98	PC: 1a994 \| Get current PSP
2018-12-17T23:06:22.532039478Z	48	PC: 1841e \| Get DOS version
2018-12-17T23:06:22.533819615Z	74	PC: 18480 \| Reallocate memory
2018-12-17T23:06:22.536739655Z	48	PC: 16912 \| Get DOS version
2018-12-17T23:06:22.538094362Z	53	PC: 1691a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:06:22.539522447Z	37	PC: 1692c \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:06:22.546213316Z	68	PC: 169b0 \| I/O control for devices (Set for = '��F�}G�V��')
2018-12-17T23:06:22.563234026Z	68	PC: 169b0 \| I/O control for devices
2018-12-17T23:06:22.564715451Z	68	PC: 169b0 \| I/O control for devices (Set for = '')
2018-12-17T23:06:22.567170016Z	68	PC: 169b0 \| I/O control for devices (Set for = '')
2018-12-17T23:06:22.569137746Z	68	PC: 169b0 \| I/O control for devices (Set for = '')
2018-12-17T23:06:22.571982264Z	99	PC: 18754 \| Get DBCS lead byte table pointer
2018-12-17T23:06:22.574131145Z	68	PC: 1876e \| I/O control for devices (Set for = '')
2018-12-17T23:06:22.576217166Z	68	PC: 18779 \| I/O control for devices (Set for = '')
2018-12-17T23:06:22.57957547Z	68	PC: 18784 \| I/O control for devices (Set for = '')
2018-12-17T23:06:22.58193134Z	68	PC: 1878c \| I/O control for devices (Set for = '��b��g�t�S3��[r�2��W�<t��>W')
2018-12-17T23:06:22.584497464Z	48	PC: 18791 \| Get DOS version
2018-12-17T23:06:22.586716947Z	64	PC: 18a0c \| Write file or device (Write 27 bytes on handle 2)
2018-12-17T23:06:22.592859114Z	37	PC: 16a45 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:06:22.595476816Z	76	PC: 16a2e \| Terminate with return code (Return code = '1')
2018-12-17T23:06:22.599972789Z	77	PC: 11fe0 \| Get program return code
2018-12-17T23:06:22.602189166Z	88	PC: 9f931 \| case 0xGet or set allocation strateg:
2018-12-17T23:06:22.605755802Z	88	PC: 9f93f \| case 0xGet or set allocation strateg:
2018-12-17T23:06:22.607386036Z	88	PC: 9f944 \| case 0xGet or set allocation strateg:
2018-12-17T23:06:22.609083478Z	88	PC: 9f953 \| case 0xGet or set allocation strateg:
2018-12-17T23:06:22.614784546Z	72	PC: 9f959 \| Allocate memory
2018-12-17T23:06:22.61757354Z	88	PC: 9f965 \| case 0xGet or set allocation strateg:
2018-12-17T23:06:22.619223061Z	88	PC: 9f96b \| case 0xGet or set allocation strateg:
2018-12-17T23:06:22.622102936Z	73	PC: 12b72 \| Release memory
2018-12-17T23:06:22.627952824Z	53	PC: 12b83 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:06:22.629606713Z	82	PC: 12b97 \| Get DOS internal pointers (SYSVARS)
2018-12-17T23:06:22.632178248Z	37	PC: 12bd7 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:06:22.633842046Z	72	PC: 12174 \| Allocate memory
2018-12-17T23:06:22.636086676Z	72	PC: 1218d \| Allocate memory
2018-12-17T23:06:22.638251927Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:06:22.640716621Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:06:22.642333391Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:06:22.645718876Z	25	PC: 12c97 \| Get default drive
2018-12-17T23:06:22.649581949Z	62	PC: 122ab \| Close file
2018-12-17T23:06:22.654501538Z	25	PC: 12c97 \| Get default drive
2018-12-17T23:06:22.659551993Z	62	PC: 122ab \| Close file
2018-12-17T23:06:22.66695389Z	25	PC: 12c97 \| Get default drive
2018-12-17T23:06:22.67058162Z	62	PC: 122ab \| Close file
2018-12-17T23:06:22.674456435Z	25	PC: 12c97 \| Get default drive
2018-12-17T23:06:22.678739357Z	62	PC: 122ab \| Close file
2018-12-17T23:06:22.682685386Z	25	PC: 12c97 \| Get default drive
2018-12-17T23:06:22.686763012Z	62	PC: 122ab \| Close file
2018-12-17T23:06:22.692858091Z	25	PC: 12c97 \| Get default drive
2018-12-17T23:06:22.697578396Z	62	PC: 122ab \| Close file
2018-12-17T23:06:22.702523905Z	25	PC: 12c97 \| Get default drive
2018-12-17T23:06:22.705799803Z	62	PC: 122ab \| Close file
2018-12-17T23:06:22.710687623Z	25	PC: 12c97 \| Get default drive
2018-12-17T23:06:22.713927454Z	62	PC: 122ab \| Close file
2018-12-17T23:06:22.717798552Z	25	PC: 12c97 \| Get default drive
2018-12-17T23:06:22.722037201Z	62	PC: 122ab \| Close file
2018-12-17T23:06:22.725896147Z	25	PC: 12c97 \| Get default drive
2018-12-17T23:06:22.729088358Z	62	PC: 122ab \| Close file
2018-12-17T23:06:22.733873605Z	25	PC: 12c97 \| Get default drive
2018-12-17T23:06:22.736906907Z	62	PC: 122ab \| Close file
2018-12-17T23:06:22.740423038Z	25	PC: 12c97 \| Get default drive
2018-12-17T23:06:22.74398757Z	62	PC: 122ab \| Close file
2018-12-17T23:06:22.747793545Z	25	PC: 12c97 \| Get default drive
2018-12-17T23:06:22.750861233Z	62	PC: 122ab \| Close file
2018-12-17T23:06:22.75529042Z	25	PC: 12c97 \| Get default drive
2018-12-17T23:06:22.75859853Z	62	PC: 122ab \| Close file
2018-12-17T23:06:22.762473765Z	25	PC: 12c97 \| Get default drive
2018-12-17T23:06:22.766460161Z	62	PC: 122ab \| Close file
2018-12-17T23:06:22.771669945Z	96	PC: 12cd7 \| Qualify filename
2018-12-17T23:06:22.776553106Z	67	PC: 12c97 \| Get or set file attributes
2018-12-17T23:06:22.782747512Z	65	PC: 12c97 \| Delete file (Filename = 'C:\ANTI-VIR.DAT')
2018-12-17T23:06:22.789509355Z	67	PC: 12c97 \| Get or set file attributes
2018-12-17T23:06:22.795493315Z	65	PC: 12c97 \| Delete file (Filename = 'C:\CHKLIST.MS')
2018-12-17T23:06:22.803113091Z	61	PC: 12354 \| Open file (Filename = '')
2018-12-17T23:06:22.810799763Z	66	PC: 12372 \| Move file pointer
2018-12-17T23:06:22.81277715Z	63	PC: 12383 \| Read file or device (Read 44693 bytes on handle 5)
2018-12-17T23:06:22.830850721Z	25	PC: 12c97 \| Get default drive
2018-12-17T23:06:22.834865248Z	62	PC: 1238a \| Close file
2018-12-17T23:06:22.838906366Z	99	PC: 9a5d7 \| Get DBCS lead byte table pointer
2018-12-17T23:06:22.840780469Z	56	PC: 94df9 \| Get or set country info
2018-12-17T23:06:22.844287984Z	64	PC: 9a848 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T23:06:22.849491276Z	25	PC: 94e62 \| Get default drive
2018-12-17T23:06:22.85174273Z	71	PC: 970dd \| Get current directory
2018-12-17T23:06:22.857698827Z	64	PC: 9a848 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T23:06:22.861637353Z	2	PC: 970b2 \| Character output (Char = '3e')
2018-12-17T23:06:22.865058805Z	93	PC: 94f20 \| File sharing functions
2018-12-17T23:06:22.868324535Z	93	PC: 94f27 \| File sharing functions
2018-12-17T23:06:22.870797103Z	10	PC: 94f39 \| Buffered keyboard input
2018-12-17T23:06:37.451477266Z	0	PC: 0 \| Program terminate
2018-12-17T23:06:38.807290805Z	0	PC: 0 \| Program terminate
2018-12-17T23:06:38.910299263Z	64	PC: 9a848 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T23:06:38.917595199Z	41	PC: 94fae \| Parse filename
2018-12-17T23:06:38.920242255Z	41	PC: 9502f \| Parse filename
2018-12-17T23:06:38.922306035Z	41	PC: 9504c \| Parse filename
2018-12-17T23:06:38.926788071Z	26	PC: 984f7 \| Set disk transfer address
2018-12-17T23:06:38.928974663Z	71	PC: 986f3 \| Get current directory
2018-12-17T23:06:38.940873502Z	78	PC: 986fe \| Find first file
2018-12-17T23:06:38.952204725Z	71	PC: 9856c \| Get current directory
2018-12-17T23:06:38.955439437Z	73	PC: 97c09 \| Release memory
2018-12-17T23:06:38.958589328Z	96	PC: 12cd7 \| Qualify filename
2018-12-17T23:06:38.964280688Z	67	PC: 12c97 \| Get or set file attributes
2018-12-17T23:06:38.970586584Z	65	PC: 12c97 \| Delete file (Filename = 'A:\ANTI-VIR.DAT')
2018-12-17T23:06:38.977118023Z	67	PC: 12c97 \| Get or set file attributes
2018-12-17T23:06:38.989163918Z	65	PC: 12c97 \| Delete file (Filename = 'A:\CHKLIST.MS')
2018-12-17T23:06:39.002059332Z	75	PC: 11821 \| Execute program
2018-12-17T23:06:39.019991215Z	9	PC: 140e7 \| Display string (String= 'Hello, World! ')
2018-12-17T23:06:39.026394202Z	76	PC: 140eb \| Terminate with return code (Return code = '36')
2018-12-17T23:06:39.029918818Z	77	PC: 11fe0 \| Get program return code
2018-12-17T23:06:39.031294014Z	72	PC: 12174 \| Allocate memory
2018-12-17T23:06:39.033856382Z	72	PC: 1218d \| Allocate memory
2018-12-17T23:06:39.035801148Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:06:39.037161164Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:06:39.038736706Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:06:39.042548763Z	25	PC: 12c97 \| Get default drive
2018-12-17T23:06:39.045214685Z	62	PC: 122ab \| Close file
2018-12-17T23:06:39.048556157Z	25	PC: 12c97 \| Get default drive
2018-12-17T23:06:39.052508797Z	62	PC: 122ab \| Close file
2018-12-17T23:06:39.056115168Z	25	PC: 12c97 \| Get default drive
2018-12-17T23:06:39.058889674Z	62	PC: 122ab \| Close file
2018-12-17T23:06:39.063133352Z	25	PC: 12c97 \| Get default drive
2018-12-17T23:06:39.070824461Z	62	PC: 122ab \| Close file
2018-12-17T23:06:39.074166284Z	25	PC: 12c97 \| Get default drive
2018-12-17T23:06:39.078339379Z	62	PC: 122ab \| Close file
2018-12-17T23:06:39.082345121Z	25	PC: 12c97 \| Get default drive
2018-12-17T23:06:39.084909632Z	62	PC: 122ab \| Close file
2018-12-17T23:06:39.088811227Z	25	PC: 12c97 \| Get default drive
2018-12-17T23:06:39.091681002Z	62	PC: 122ab \| Close file
2018-12-17T23:06:39.095687594Z	25	PC: 12c97 \| Get default drive
2018-12-17T23:06:39.102918689Z	62	PC: 122ab \| Close file
2018-12-17T23:06:39.106399703Z	25	PC: 12c97 \| Get default drive
2018-12-17T23:06:39.109667386Z	62	PC: 122ab \| Close file
2018-12-17T23:06:39.113576646Z	25	PC: 12c97 \| Get default drive
2018-12-17T23:06:39.11629178Z	62	PC: 122ab \| Close file
2018-12-17T23:06:39.11967459Z	25	PC: 12c97 \| Get default drive
2018-12-17T23:06:39.123282653Z	62	PC: 122ab \| Close file
2018-12-17T23:06:39.126669962Z	25	PC: 12c97 \| Get default drive
2018-12-17T23:06:39.129368284Z	62	PC: 122ab \| Close file
2018-12-17T23:06:39.133556097Z	25	PC: 12c97 \| Get default drive
2018-12-17T23:06:39.140365098Z	62	PC: 122ab \| Close file
2018-12-17T23:06:39.143800377Z	25	PC: 12c97 \| Get default drive
2018-12-17T23:06:39.14725935Z	62	PC: 122ab \| Close file
2018-12-17T23:06:39.151134635Z	25	PC: 12c97 \| Get default drive
2018-12-17T23:06:39.153890667Z	62	PC: 122ab \| Close file
2018-12-17T23:06:39.15846716Z	99	PC: 9a5d7 \| Get DBCS lead byte table pointer
2018-12-17T23:06:39.160076065Z	56	PC: 94df9 \| Get or set country info
2018-12-17T23:06:39.162208434Z	64	PC: 9a848 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T23:06:39.167708474Z	25	PC: 94e62 \| Get default drive
2018-12-17T23:06:39.169563562Z	71	PC: 970dd \| Get current directory
2018-12-17T23:06:39.173877983Z	64	PC: 9a848 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T23:06:39.178348838Z	2	PC: 970b2 \| Character output (Char = '3e')
2018-12-17T23:06:39.181203946Z	93	PC: 94f20 \| File sharing functions
2018-12-17T23:06:39.183192594Z	93	PC: 94f27 \| File sharing functions
2018-12-17T23:06:39.18608945Z	10	PC: 94f39 \| Buffered keyboard input